Associate Application Security Engineer - Summer Intern Program

About The Position

Requirements

• Foundational understanding of web application concepts and common security risks (e.g., OWASP Top 10).
• Basic familiarity with one or more programming or scripting languages and ability to read code.
• Familiarity with Git and modern development practices (issue tracking, pull requests, CI/CD concepts).
• Strong organization and analytical skills.
• Excellent written and verbal communication skills.
• Currently attending college or recently graduated in a related field.

Nice To Haves

• Exposure to security testing tools (e.g., Burp Suite, OWASP ZAP, SAST/SCA tooling) is a plus.
• Coursework or projects in cybersecurity, software engineering, secure coding, or web security preferred.
• CompTIA Security+ (preferred, not required).

Responsibilities

• Support the Application Security (AppSec) team with day-to-day operations related to Application Security Assurance.
• Assist with security testing activities (e.g., SAST, SCA, DAST) and help validate and triage findings under supervision.
• Support threat modeling reviews by capturing system context (assets, trust boundaries, and data flows) and documenting follow-ups.
• Assist with creating and updating System Security Plan (SSP) documentation for assigned Sorenson systems and services.
• Help streamline and automate SSP artifact/evidence gathering and report generation where possible (e.g., reusable templates and standardized evidence checklists).
• Help build remediation workflow efficiency by supporting the handoff of findings from SAST tools into JIRA (e.g., consistent ticket creation fields and status tracking).
• Assist with developing or updating runbooks and supporting documentation to improve repeatability and operational efficiency.
• Other duties as assigned.